Index.dat file

You can easily include PrivacIE, and any other locations you desire, in CCleaners custom folders. Maybe you can with other Apps too.

Here's a screeny of how i've done it.

 

Hey guys try this, think I may have found another solution.


Boot in safe mode. go to Run type cmd

type CD\ and then enter

then type del index.dat /s then enter.

after doing this I get these results in the screenie. only 3 index.dat files which seem to have been recreated upon boot, because if I right click view contents there is nothing there to view.

To Prevent any future writing to these 3 index.dat files I find that by using Fire fox instead of Internet Explorer nothing is ever written to any index.dat files.

 

This was a good little thread:
https://www.wilderssecurity.com/showthread.php?t=233601&highlight=index.dat

 

To delete all index.dat file isn't a good idea.

There are many applications that use their own "index.dat" files.

It's adviced to clean the Windows system index.dat files only.

Take care. Clean too much isn't to have a clean system.

Using a RAMDisk to Temporary Internet Files you don't have concerns with their index.dat files (system related).

 

A perspective from a security and privacy paranoid> link: http://portland.indymedia.org/en/2004/10/298874.shtml
quote:
Without extensive reconfiguration of Windows end users will not see the real files. Instead they see a database generated representation drawn from a file called index.dat.

Even the controls to access the drive are hidden with an obscure setting called 'Simple File Sharing (Recommended)'. Windows XP does not always delete the actual files from your hard disk. Even the emulated DOS reports the database, unless windows is substantially reconfigured.

Windows goes to great lengths to prevent this reconfiguration. Also, many do not know there is no need for this cache, other than to go back to pages. Its main role is to maintain a record of users activities and generate ghost images throughout the drive.

Done by design.


23. Index.dat

A database file of the contents of an area of the drive, including deleted files. In the 'Temporary Internet Files' it records date, time, Internet location and file name information of downloaded graphics/images and sites accessed, with user IDs in a nice big list.

There are various 'index.dat' files throughout Windows, a dat file is generally a database. A users activities can be recorded for several weeks and user names (etc) recovered. The index.dat file retains information about recently deleted files and Microsoft has failed to provide any reasonable explanation.

You cannot provide, what does not exist, there is no genuine reason to retain deleted files information other than deliberately recording an end users activities for forensic analysis.

This is used for rapid identification, file recovery and time-plotting of a users activities. A small application produces a timetable of a user's usage, referenced against the recorded information for each second of activity.

On large networks, this can be used to verify each member of staff location and movement across an entire infrastructure, this type of output in normally rendered in a full 3D layout of the target building.

Done by design.
---end of quote---

 

Interesting read trismegistos.

The reason why Microsoft have done this is so as computer forensics can recover activities. At the end of the day we will never be able to find all hidden files and registry entries that record all our activities. However we have not been completely defeated in this area. Once again the only way is to use something like Deep Freeze and or Full Disk Encryption.

 

I'm not quite sure if this paranoia is justified and you are correct, but if it is, Microsoft has basically created a 'backdoor' in their OS.

It collects data, stores them without any real benefit for the user, only to have surfing information available for forensic analysis, and possible anyone who can access your computer (remote or physical) and has the tools/knowledge to gather that data.

When did they start with index.dat ?

I tend to be paranoid, but this is something I'd never have expected.

 

At least as far back as Win95. (I didn't use Win3.1) The fact that you couldn't clear the contents, or easily delete these files bothered a lot of people back then. You could boot to DOS and do it. I don't think there were as many Index.dat files then as there are now...

Sorry, Fly, but there's more! With Win95 also came the Registry. It upset many people that it maintains a history of much of what you do on the computer. A quick search of HKCU for MRU (Most Recently Used) lists shows:

Also a lot of software - not only Microsoft's - maintains a history of your most recent files used:

Some programs give the option not to maintain a list of recent files used. I think there are some utilities that delete all MRU.

On the other hand, in discussions years ago about this, I found people who liked that feature: from the File menu in the program, you can quickly open a recently used file.

So, it's all a point of view.

In a recent thread, Sully was looking for Registry entries about Autorun and Removable drives. I found this key which keeps a record of all drives ever conncected:

HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices

I don't know of what use that would be to anyone, or what information is contained in the listings. But the record is there!

There are books on the Registry that delve deeper into these things.

As arran points out, a program such as Deep Freeze solves the problem for anyone who doesn't want these records kept. Anything written to C:\ while DF is frozen will be discarded on reboot. That takes care of the Index.dat stuff and anything in the Registry.

----
rich

 

Yea It's just not worth all the "ENDLESS" time and effort to try and find and delete all records of hidden activities. Because you will never find them all. I'm going to be using deep freeze and full disk encryption after I have finished configuring MD.

 

I've been looking into deepfreeze, and it looks like they are now focused on libraries, enterprises etc, but not on the individual (home) consumer. (See also an older thread about the new version of 'Anti-Executable')

After some digging on their website I've found 'Deep Freeze Standard for Windows with 1 year Maintenance Package' for 45 USD. I'm not sure what it means. Is that the correct deepfreeze for a private/home edition (Windows XP Home Edition) or not ? Any caveats ?

 

It's true that they seem to be focused on libraries, enterprises etc., but the Standard version will work for Home. I don't think an individual can purchase the Enterprise Edition for single use, since it comes with a license for multiple workstations.

Check with their Sales department, but I believe that the Maintenance package permits a free upgrade to a newer version if one is released during the year. The Maintenance Package is renewable yearly but the DF license for use is permanent. I don't have the Maintenance Package.

• At least two partitions required, unless you save data to an external USB drive. Those who use My Documents and other Shell User folders would have to remap them to a thawed partition. Faronics provides a free Mapping Tool utility, and Microsoft's PowerToy, TweakUI, lets you move various Shell User folders via a GUI rather than going to the Registry.
  
  
• Programs that store user settings and options in the Registry (MSWord, Photoshop) require thawing DF when making any changes to those settings.
  
  
• Thawing required if testing any software that requires a reboot upon installation. This can be a nuisance if you do a lot of testing.

Be sure and read the User Guide carefully before evaluating. You might check with Faronics Support if any question about compatibility with your existing security products, especially those which use a low level driver.

Prior to installing DF, I advise a reinstallation of the OS to insure a completely clean system, including a pristine Registry, of course! Then create your additional partition(s) and away you go.

Once installed, it just sits there and does its thing.

----
rich

 

I use Returnil with Sandboxie. I would assume that takes care of it.

 

I downloaded the index.dat QV and ran it after surfing some websites. A list of the websites came up.

Then I ran Ccleaner and Sweepi. They still came up.

Then I ran R-Wipe and they disappeared.

So then I opened up Sandboxie and surfed a bunch of sites. I have Eraser added to wipe when I delete the Sandbox, so I did not delete it. I just exited it. But when I ran that program again, I could not find a list of the websites in any of the dat files that came up with that program.. So I am confused. I have read that Sandboxie leaves dat files behind. I found 4, but they contained nothing that seemed of any value. Shouldn't there be a list of websites somewhere left by Sandboxie?

 

Like you didn't delete (wipe) them they are in your Sandbox folder: e.g.:

C:\Sandbox\<UserName>\DefaultBox\user\current\Local Settings\Temporary Internet Files\Content.IE5\index.dat

It seems that the index.dat'app. you uses find the system index.dat files only (and if so it is doing their work well): the index.dat files in sandbox folder aren't "system" .dat files; they are "virtualized" system .dat files.

You can see their contents - that shouldn't be empty.

 

No application uses their own index.dat file. Those are created by Windows and thrown into all kinds of folders and are not associated with an application in and of itself.

 

What technique do you use to wipe them, Gerard?

 

I use Returnil on my laptop and Deep Freeze on my desktop and I simply don't worry about them because they are gone on reboot. To get them cleaned up the first time, I used index.dat suite and an old program called Spiderbyte and made sure there were none at all on my system (or were empty). I then created my perfect image.

 

Incorrect.

There are app. that use their own "index.dat" files. Normally they are database files creates by app. to do their work.

E.g. ZSoft Uninstaller uses a "index.dat" file in their 'backup' folder when you do a backup with it; when Sandboxie creates the virtualized 'index.dat' files it's because Sandbox needs them to work in their virtualization process! And is Sandboxie that creates/copy these 'index.dat' files in their sandbox folder. They aren't system index.dat files created by Windows but by applications!

Like the system creates .tmp files - there are app. that creates their own .tmp files.

What I said before is "clean too much isn't to have a clean system". If you delete all 'index.dat' files could some app. not work suitably.

If they can't use their database information they can't do the work wholly.

 

No. Sandboxie does NOT create their own index.dat files. I just double-checked and that's incorrect. It would seem rather bizarre for any developer to name any needed files "index.dat" as the Windows index.dat files serve no useful purpose at all and are well-known for being cleaned, wiped, etc. Yes, of course applications create .tmp files as that's a programming standard for temporary files. No comparison with the index.dat files. If ZSoft Uninstaller creates their own files with the "index.dat" name I would find another uninstaller as that alone shows incompetence.

 

majoMo

Sandboxie creates an image of whats already there. so if there is no index.dat files then sandboxie doesn't create any. doesn't mean to say it won't work properly.

 

I said:

I'm talking facts about. I'm not doing appreciations developers about.

1. The app. that wants to clean "Windows system index.dat files" must to clean these files - never all index.dat files.

2. To do their virtualization process Sandboxie creates index.dat files - and works with them - in Sandbox folder when browsing (if you want it copies from the original source - but it changes them when needed and uses them). These files aren't "system index.dat files" definitely. If you delete them you are not erasing "system index.dat files". Like if you delete in Sandbox folder the virtualized Temporary Internet Files you aren't deleting the real Temporary Internet Files created by system. They are files that Sandboxie uses in their virtualization process. For some reason. You can say they are unneeded - it's an opinion indeed; the fact is: they are there.

3. There are .tmp files that there aren't temporary files indeed. In some app. they are needed to the program to work. E.g. AptDiff can't do their whole work without their .tmp files. In fact they aren't temporary - they need to be in installation folder ever. Is the developer an incompetent? Perhaps. But this isn't the issue - the issue is the fact: the app. doesn't make their work without them! And if I know that and delete all .tmp files - I'm a inept out of doubt.

4. There are .bak files that there aren't backup files indeed. E.g. if Data.bak / opa11.bak files are deleted Office XP/Office 2003 doesn't work - Office CD is requested. Is Microsoft an incompetent and inept? Perhaps. I say again: "this isn't the issue - the issue is the fact: the app. doesn't make their work without them! And if I know that and delete all .bak files - I'm a inept out of doubt."

5. The same for ZSoft Uninstaller: "Is ZSoft'developer an incompetent and inept? Perhaps. I say again: "this isn't the issue - the issue is the fact: the app. doesn't make their work without them! And if I know that and delete all index.dat files - I'm a inept out of doubt."

I say again: I'm talking facts about. I'm not doing appreciations developers about.

Anybody can of course to say that is bizarre to name files like 'index.dat', *.tmp or *.bak when they aren't what we think that they should to be. This is an opinion - the facts is reality. I respect thoughts - and I respect the reality also.

BTW, 'index.dat' file'name hasn't rights reserved (copyright). Microsoft isn't 'index.dat'name owner. Programs, developers, users can named their files/folders as 'index.dat'. When renames a file to 'index.dat' the OS doesn't block that action. Are Programs/developers/users incompetents/inepts? Perhaps. It isn't the issue - the fact is the issue: they can do that!

 

A Microsoft "index.dat" file that shouldn't be deleted:


"%SystemRoot%\PCHealth\HelpCtr\OfflineCache\index.dat


Quoted Info:


- This index.dat does not get recreated. The loss of this particular file will cripple System Information (msinfo32.exe).

- Once this file is deleted, (MS)Sysinfo becomes disabled, and/or parts of Help & Support behave differently

- There is an index.dat file in the PCHEALTH folder, that should NOT be deleted as it is known to cause problems with the Windows Help Center.

 

Sorry for the late reply JRViejo. It does indeed work. As does the suggestion of StevieO about CCleaner for deleting this file. It is obviously recreated but at least it can be "cleaned".